Page 52 of 1975 results (0.028 seconds)

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 2

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. Un manejo incorrecto de los grupos suplementarios en el motor de contenedores Podman podría conllevar a una divulgación de información confidencial o una posible modificación de datos si un atacante presenta acceso directo al contenedor afectado donde son usados grupos suplementarios para establecer permisos de acceso y es capaz de ejecutar un código binario en ese contenedor • https://bugzilla.redhat.com/show_bug.cgi?id=2121445 https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation https://access.redhat.com/security/cve/CVE-2022-2989 • CWE-842: Placement of User into Incorrect Group CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. En los algoritmos con complejidad de tiempo cuadrática que usan bases no binarias, cuando es usada int("text"), un sistema podría tardar 50ms en analizar una cadena int con 100.000 dígitos y 5s para 1.000.000 de dígitos (float, decimal, int.from_bytes(), e int() para bases binarias 2, 4, 8, 16, y 32 no están afectados). • http://www.openwall.com/lists/oss-security/2022/09/21/1 http://www.openwall.com/lists/oss-security/2022/09/21/4 https://access.redhat.com/security/cve/CVE-2020-10735 https://bugzilla.redhat.com/show_bug.cgi?id=1834423 https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y https://github.com/python/cpython/issues/95778 https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-400: Uncontrolled Resource Consumption CWE-704: Incorrect Type Conversion or Cast •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. Se ha encontrado un fallo de lectura de memoria fuera de límites en el subsistema BPF del kernel de Linux en la forma en que un usuario llama a la función bpf_tail_call con una clave mayor que el max_entries del mapa. Este fallo permite a un usuario local conseguir acceso no autorizado a los datos • https://bugzilla.redhat.com/show_bug.cgi?id=2121800 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel%40iogearbox.net • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. Se ha encontrado un fallo en el controlador del kernel de Linux para los dispositivos USB 2.0/3.0 Gigabit Ethernet basados en ASIX versión AX88179_178A. La vulnerabilidad contiene múltiples lecturas fuera de límites y posibles escrituras fuera de límites • https://bugzilla.redhat.com/show_bug.cgi?id=2067482 https://security.netapp.com/advisory/ntap-20230113-0001 https://access.redhat.com/security/cve/CVE-2022-2964 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 4

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un error de coerción de enteros en el módulo del kernel openvswitch. Dado un número suficientemente grande de acciones, mientras ses copiado y es reservada memoria para una nueva acción de un nuevo flujo, la función reserve_sfa_size() no devuelve -EMSGSIZE como es esperado, conllevando potencialmente a un acceso de escritura fuera de límites. • https://github.com/bb33bb/CVE-2022-2639-PipeVersion https://github.com/letsr00t/-2022-LOCALROOT-CVE-2022-2639 https://github.com/EkamSinghWalia/Detection-and-Mitigation-for-CVE-2022-2639 https://bugzilla.redhat.com/show_bug.cgi?id=2084479 https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 https://access.redhat.com/security/cve/CVE-2022-2639 • CWE-192: Integer Coercion Error CWE-681: Incorrect Conversion between Numeric Types •